As August 2025 comes to a close, we’re back with the latest roundup of newly released AWS privileged permissions, and once again the scope of cloud security boundaries continues to expand. This month, AWS introduced impactful updates across services ranging from Clean Rooms and SES to Bedrock, Batch, Observability Admin, and re:Post Private. These additions touch everything from data privacy guardrails and email sending behavior to telemetry monitoring, job execution, and identity session controls.
Each of these privileges carries meaningful implications for security teams, whether it is exfiltrating sensitive datasets, weakening detection visibility, persisting access in collaboration spaces, or running arbitrary workloads. Collectively, they highlight how new privileges can shift the attack surface overnight. Dive into this month’s list to see what is new and what risks demand your attention.
Existing Services with New Privileged Permissions
AWS Clean Rooms
Service Type: Data and Analytics
Permission: cleanrooms:UpdateConfiguredTableReference
- Action: Grants permission to update the table reference of an existing configured table
- Mitre Tactic: Exfiltration
- Why it’s privileged: Changes the data source used in Clean Rooms queries, potentially redirecting access to different datasets.
Permission: cleanrooms:UpdateConfiguredTableAllowedColumns
- Action: Grants permission to update the allowed columns of an existing configured table
- Mitre Tactic: Exfiltration
- Why it’s privileged: Controls which columns can be queried in Clean Rooms, potentially exposing sensitive or aggregated data beyond intended privacy guardrails.
Amazon CloudWatch Observability Admin Service
Service Type: Observability and monitoring
Permission: observabilityadmin:DeleteTelemetryRule
- Action: Grants permission to delete a telemetry rule with the specified name for the account
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Deletes telemetry rules that govern data collection, allowing attackers to disable observability and evade detection.
Permission: observabilityadmin:UpdateTelemetryRule
- Action: Grants permission to update the specified telemetry rule for the account
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Alters telemetry rules to control which resources emit data, enabling evasion of monitoring or detection.
Amazon Simple Email Service
Service Type: Customer Engagement
Permission: ses:CreateTenantResourceAssociation
- Action: Grants permission to associate a SES resource to a tenant
- Mitre Tactic: Exfiltration
- Why it’s privileged: Allows a tenant to send emails using any associated identity, template, or config set, potentially enabling impersonation or exfiltration through unauthorized email activity.
Permission: ses:UpdateReputationEntityPolicy
- Action: Grants permission to assign a reputation policy
- Mitre Tactic: Impact
- Why it’s privileged: Controls reputation policies that govern email sending behavior. Misuse can disrupt tenant communications or degrade reputation to block critical emails.
Amazon Bedrock
Service Type: Artificial Intelligence & Machine Learning
Permission: bedrock:DeleteAutomatedReasoningPolicy
- Action: Grants permission to delete an automated reasoning policy or its version
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Removes guardrail policies that validate inputs, allowing malicious or noncompliant data to bypass protections and evade detection.
Permission: bedrock:UpdateAutomatedReasoningPolicy
- Action: Grants permission to update an automated reasoning policy
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Updates guardrail logic (rules, variables, configurations), potentially weakening input validation and enabling evasion of detection.
AWS Batch
Service Type: Compute Services
Permission: batch:SubmitServiceJob
- Action: Grants permission to submit an AWS Batch service job
- Mitre Tactic: Execution
- Why it’s privileged: Executes service jobs on AWS Batch targets like SageMaker, enabling arbitrary code or workloads to run, which can be abused for malicious execution.
AWS re:Post Private
Service Type: Collaboration & Productivity
Permission: repostspace:BatchAddChannelRoleToAccessors
- Action: Grants permission to add a role to users and groups in a private re:Post channel in your account
- Mitre Tactic: Persistence
- Why it’s privileged: Assigns roles in private re:Post channels, enabling persistence and potential abuse (e.g., phishing) through trusted content-sharing positions.
AWS SSO Directory
Service Type: Identity and Access Management
Permission: sso:PutApplicationSessionConfiguration
- Action: Grants permission to create a root client certificate
- Mitre Tactic: Privilege Escalation
- Why it’s privileged: Changes application session settings to bypass short session limits, enabling long-running jobs to continue after logout and facilitating privilege escalation or evasion.
Amazon Workspaces
Service Type: Compute Services
Permission: workspaces:CreateRootClientCertificate
- Action: Grants permission to put session configuration for an application
- Mitre Tactic: Persistence
- Why it’s privileged: Creates a root client certificate to register unauthorized devices as “trusted,” enabling long-term access that bypasses device-based security controls.
Permission: workspaces-web:DisassociateSessionLogger
- Action: Grants permission to disassociate session logger from web portals
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Disables session logging in WorkSpaces Web portals, removing visibility into user activity and enabling evasion of monitoring.
Permission: workspaces-web:UpdateSessionLogger
- Action: Grants permission to update session logger
- Mitre Tactic: Defense Evasion
- Why it’s privileged: Modifies session logging for WorkSpaces Web portals, which can disable monitoring or redirect logs to attacker-controlled locations.
Permission: workspaces:ImportCustomWorkspaceImage
- Action: Grants permission to import Bring Your Own License (BYOL) images to Amazon WorkSpaces
- Mitre Tactic: Resource Development
- Why it’s privileged: Imports custom BYOL images into WorkSpaces, allowing malicious or altered base images to be introduced and used by workspace users.
AWS Directory Service
Service Type: Identity and Access Management
Permission: ds:CreateHybridAD
- Action: Grants permission to create a Hybrid Managed AD directory
- Mitre Tactic: Persistence
- Why it’s privileged: Creates a Hybrid Managed Active Directory that syncs with an external AD, establishing a persistent identity source that can be leveraged for long-term access.
Permission: ds:UpdateHybridAD
- Action: Grants permission to update configurations for a specified hybrid directory
- Mitre Tactic: Persistence
- Why it’s privileged: Updates configurations of a Hybrid AD directory, which can be abused to recreate admin accounts and gain persistent control of the synced directory.
Conclusion
As AWS continues to expand its services and introduce new features, the security implications of newly released privileges continue to grow. August’s updates, from changing Clean Rooms data sources to altering telemetry rules, adjusting SES reputation policies, and modifying Bedrock guardrails, show how quickly privileged privileges can redefine data access, monitoring visibility, and execution pathways in your cloud environment.
Sonrai Security’s Cloud Permissions Firewall gives teams the visibility and control they need to stay ahead of these risks. With automated detection of privileged privileges, enforcement of least privilege, and cloud-native Privileged Access Management built for AWS, Sonrai helps organizations adapt as quickly as AWS evolves. In the cloud, new privileges arrive every month, and staying secure means staying proactive.
